" hipaa Archives - HIPAA News, Web & Email Security Tips & News - Plus More | LuxSci

Posts Tagged ‘hipaa’

How do I send HIPAA-compliant lab results via email?

Friday, May 5th, 2017

A question about HIPAA-compliant transactional email from Ask Erik:

As a non-technical member of the founding team of a Health Care Startup I have a question about HIPAA-compliant email as we begin to send out lab test results to individuals and the health care providers we partner with:

“Does one dedicated email address for results distribution that is HIPAA-compliant and secure make us in compliance?”

We have team members who communicate with our DDS clinics but they don’t distribute test results. Only I will do that through a dedicated email address. What do we have to do to be compliant from day one of distributing test results as part of our service to our customers (primarily dentists and oral surgeons)?

I was told by the service provider of our website and email hosting services that if we made the one email address a Business Premium account using the Microsoft Secure Server, that all the other regular email addresses would be covered as well. Is this true?

Thank you for the forum to ask real life scenario questions.

Lab results to email

Hello,

There are many aspects to your question. Let’s address each one in turn:

Read the rest of this post »

HIPAA-compliant Save and Resume for your Web forms

Wednesday, May 3rd, 2017

If you have a long or complex web form, users may wish to fill out only part of it and then save their work so that they can come back later and finish the form. This is “Save and Resume” functionality. While some form systems support Save and Resume, few provide HIPAA-compliant Save and Resume.

Form Save and Resume

What does HIPAA-compliant Save and Resume require?

For HIPAA-compliant Save and Resume, at a high level you need:

  1. The form data to be saved must be securely transmitted from the user’s browser to a server
  2. That data should be encrypted while stored
  3. That data must be securely transmitted back from the server when the user wants to resume editing the form
  4. Usually, the end user gets a link that can be used to resume editing the form where s/he left off. This link needs to be password protected or otherwise include authentication so that access to the sensitive form data is restricted. HIPAA requires access control.
  5. Audit trail logs of saving and resuming form data should be kept.
  6. You need a HIPAA Business Associate Agreement with the service provider hosting the database where the form data is being saved.

The majority of Save and Resume functions provided by form service providers either (a) do not encrypt the data, (b) do not provide authentication for resuming the form, (c) do not keep any kind of logs, or (d) do not provide a HIPAA Business Associate Agreement for the data hosting servers.

Read the rest of this post »

Interview with Jim Simpson, Director of Product Management at Duo

Wednesday, April 26th, 2017

Back in 2011, LuxSci integrated Duo.com’s advanced two-factor authentication into our WebMail service. Any LuxSci customer can use Duo.com to protect their WebMail, as well as their admin access to LuxSci. This all comes at no extra cost.

We even use Duo’s authentication ourselves. It’s great for administrative actions both at the server command line and through the web interface. An advanced two-factor authentication system such as Duo.com is excellent for enhancing a system’s security. PCI DSS requires multi-factor authentication for administrative and remote access to the cardholder data environment, and two-factor authentication can be helpful for HIPAA compliance as well.

Duo.com

The new Duo Access service is an innovative way to enforce corporate security policies, helping businesses to drastically cut their risks. Duo’s Jim Simpson has taken some time out of his schedule to answer some questions for us and discuss the details of their service.

Read the rest of this post »

Data Privacy Laws: How Does the US Stack Up Against the EU?

Wednesday, April 12th, 2017

by Josh Lake

As the media attention surrounding the repeal of the data privacy framework begins to calm down, now is the perfect time to examine where the USA stands with our current laws. As one of the most culturally and economically similar parts of the world, comparing our laws against Europe’s can provide a good frame of reference.

While the US government is focusing on stripping back red tape in a bid to kickstart business, the European Union has gone in the other direction and is stepping up its bureaucracy with the General Data Protection Regulation (GDPR). These new laws come into play in May 2018, so businesses are hard at work to make sure they will be compliant when the date swings around.

Read the rest of this post »

If my web site is very simple, do I have to worry about HIPAA compliance?

Friday, March 24th, 2017

We received this question via Ask Erik from a Physicians’ Association:

“Our company website does not contain any patient information. As a healthcare group, do we need to worry about HIPAA compliance for our site? It contains forms, news and some company policies and procedures but no patient information whatsoever. Thank you.”

Thank you for your question! Here, we delve into how you can answer this for your site.

Read the rest of this post »

How To Encourage Patient Consent To Email Marketing Without Feeling Slimy

Monday, March 20th, 2017

If email marketing is known to produce results across a variety of industries, why do some professionals feel uncomfortable with it? Why do they feel “slimy”? It is not uncommon for people to feel hesitant to engage in email marketing because it somehow feels “wrong” to them. There are several factors at play in this limiting belief; in this article, we shed light on them to help dispel this feeling so that you can confidently get to work and grow your business, knowing that you are actually helping others.

Email Marketing

Read the rest of this post »

WordPress Security Overview: Can WordPress be HIPAA-compliant?

Monday, March 13th, 2017

WordPress is a content management system that dominates the internet, powering more than 24% of the web. Although it has many great features that make it quick and easy to set up, the complications associated with HIPAA standards can make it difficult to achieve compliance. WordPress has recovered from a checkered past as far as security is concerned, but it is still a third-party tool that is not specifically designed to conform to HIPAA standards.

WordPress Security

Read the rest of this post »

17 Questions To Ask Yourself Before You Send A HIPAA-Compliant Marketing Email

Friday, March 10th, 2017

You’ve just been told that you need to rethink your entire email marketing system. Your attorney and compliance specialist are both telling you that you need to implement HIPAA-compliant email marketing.

Your starting point is to break down that goal into two components: business goals and HIPAA compliance. Your email marketing has to achieve your business goals like providing fast customer service and generating more appointments. Next, you need to put HIPAA compliant systems and processes in place.

Use these 17 questions to review whether your email marketing aligns with your business goals and with HIPAA.

HIPAA-compliant email marketing

Read the rest of this post »

Why Are Hackers Targeting Your Medical Records?

Thursday, March 2nd, 2017

Medical record theft is booming. Over the past few years, large scale breaches have become more common and increasingly severe. Last year in June, a hacker named thedarkoverlord was selling 650,000 US healthcare records as part of a long-running crime spree. The collection was listed on a deep web marketplace called the Real Deal for over $700,000 worth of Bitcoin.

A cancer treatment provider called 21st Century Oncology had 2.2 million patient records compromised in late 2015. The stolen data included patient names, the names of their doctors, social security numbers, insurance information, diagnoses and treatments. The company was required to notify all of the affected patients and also offered free credit protection for one year as partial compensation.

This is just the tip of the iceberg. According to Bitglass, 113 million Americans were affected by healthcare data breaches in 2015. This is almost 10 times more than the previous year. The IDC’s Health Insights group predicted that one in three patients would be the victim of a breach in 2016. This trend is likely to continue or even intensify over the coming years.

Read the rest of this post »

eBook: HIPAA-compliant Website Basics

Monday, February 27th, 2017

What healthcare organizations need to know about HIPAA-compliant web sites

Book 2 in the LuxSci Internet Security Series.

Created by Erik Kangas, PhD

This LuxSci eBook is your well-researched guide to the specific issues and concepts of HIPAA as it applies to web sites, so that you stay compliant with these government standards. This document provides a framework for your health care organization to keep the privacy of patient information front and center while still having an engaging web presence. Providers will have the necessary tools to meet the requirements established by HIPAA for access to, storage of, and transmission of protected health information (PHI) through web sites.

This eBook includes sections on:

  1. Introduction
  2. What are HIPAA-compliant web sites?
  3. HIPAA-compliance for WordPress
  4. What is HIPAA-compliant web site hosting?
  5. Components of a solid web site hosting infrastructure
  6. Finding a HIPAA-compliant provider
  7. What are HIPAA-compliant web forms?
  8. Informing developers of HIPAA requirements
  9. Conclusion

Download the eBook